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" Tho MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )I3 Responsive to connmunication(s) filed on 17 November 2003 . 
2a)n This action is FINAL. 2b)13 This action is non-final. 

3) n Since this application is in condition for allowance except for fomial matters, prosecution as to the merits is 

closed in accordance with the practice under £x parte Quay/e, 1935 CD. 11,453 0.0.213. 
Disposition of Claims 

4) ^ Claim(s) 1-14 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) 13 Claim(s) 1-14 is/are rejected. 

Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 13 The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)n accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

11) 0 The proposed drawing correction filed on is: a)n approved b)n disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) 0 The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a)nAII b)n Some* 0)0 None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) 13 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) n Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 

Attachment(s) 

1) M Notice of References Cited {PTO-892) 4) □ Interview Summary (PTO-413) Paper No(s). . 

2) CD Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) CI Notice of Informal Patent Application (PTO-1 52) 

3) D InformaUon Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) □ Other: 
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DETAILED ACTION 



Response to Amendment 

1 . Examiner withdraws the rejections to claims 3-4 under 35 U.S.C. 112 second 
paragraph as the amendments to the claims overcome the rejections. 



2. The disclosure is objected to because of the following informalities: on page 9, 
the 8^^ sentence in the third paragraph is not grammatical. Appropriate correction is 
required. 

3. The title of the invention is not descriptive. A new title is required that is clearly 
indicative of the invention to which the claims are directed. The following title is 
suggested: 'Non malleable encryption method and apparatus using key-encryption keys 
and digital signature'. 



4. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Specification 



Claim Rejections - 35 USC § 103 
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5. Claims 1-5 and 9-14 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Schneier Applied Cryptography 2"'' Edition (hereinafter Schneier) in view of Deo 
U.S. Patent No. 5,721 ,781 (hereinafter Deo). As per claim 1 , Schneier teaches an 
EIGamal encryption method which substantially covers the claim (see Schneier, page 
478, 'EIGamal Encryption'). Although the method disclosed by Schneier is silent on the 
matter of encrypting a key value (the EIGamal scheme is taught as a method to encrypt 
a general message), it is conventional in the art to use public key encryption methods 
for secure key exchange, especially those that are variants of the Diffie- Hell man key 
exchange algorithm. Also conventionally known is that public key encryption methods 
are much slower and generate a longer ciphertext than symmetric methods (but they 
provide a more secure ciphertext based on similar key lengths); hence, message 
encryption is typically divided into two work loads: a public key encryption method is 
used to exchange a session key whereupon a symmetric algorithm using this session 
key encrypts the message (see Schneier, page 216, 'Public-Key Cryptography verses 
Symmetric Cryptograph/). Therefore, it would be obvious to one of ordinary skill in the 
art at the time the invention was made to use the EIGamal encryption method as 
disclosed by Schneier to securely transmit a secret key from a sender to a receiver for 
the purpose of encrypting and decrypting a message with the secret key. The 
motivation for such an implementation would enable a faster cryptosystem for the 
secure transmission of messages. Hence, the EIGamal encryption method comprises 
the steps of: 

a. encrypting a message M using a primary secret key z to form a quantity E; 
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b. encrypting a session key z by preparing: 

i. a(new) = z*y^c modulo p; 

ii. b(new) = g'^c modulo p; 

where y = g^x modulo p, cis a random number, x is a receiver secret key, 
and the parameters g, x, and p are picked using a known encryption 
method; 

c. decrypting a(new) and b(new) using the receiver secret key x to get the 
primary secret key z; 

d. using the primary secret key z to decrypt the quantity E and obtain M 
(see Schneier, pages 478, *EIGamal Encryption'; pages 513-515, 'Diffie-Hellman'). This 
encryption method disclosed by Schneier does not specify the step of generating a 
signature based on the triplet a(new), b(new) and E. However, as disclosed by 
Schneier in a separate section, signing documents is the standard methodology to 
ensure the identity of the author of a message and to verify the integrity of the message 
(see Schneier, pages 34-44, 'Digital Signatures', 'Digital Signatures with Encryption'). 
Therefore, it would be obvious to one of ordinary skill in the art at the time the invention 
was made to generate a signature s(new) as a function of a(new), b(new), and E by the 
sender and have the receiver of the transmission validate the signature. Motivation for 
this combination would enable the invention to implement a more secure transmission 
methodology. Finally, Schneier is silent on the matter of the same random number c 
being used in the key encryption step and in the signature step. However, this step 
would be an obvious construction for a plurality of reasons. 1 ) It would minimize the 
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number of random numbers generated for the method and thereby improve the 
efficiency of the method. 2) Fewer secret values mean fewer opportunities for these 
values to be exposed. 3) Also, random numbers created by a random number 
generator are predefined as having a lower and upper bound; hence random number 
generators are periodic. Minimizing the number of random numbers needed enables 
the random number generator to generate random numbers without duplicating the 
values for a longer period of time. Note that if both encryption and signature methods 
are based on El Gamal, then the security of the key values can still be maintained if 
both key encryption and signature implementations are secured together. This type of 
implementation is very typical since it places all sensitive steps in one tamperproof 
secure device. One example is a smart card implementing both an encryption step and 
a signature step as taught by Deo (see Deo, col. 7, lines 10-34). It would be obvious to 
one of ordinary skill in the art at the time the invention was made to use the same 
random number c in both the key encryption step and the signature step when both 
steps are secured together. Motivation for such an implementation enables the method 
to reduce the number of random numbers needed for operation of the method. The 
aforementioned covers claim 1 . 

6. As per claim 2, Schneier covers an EIGamal encryption method as outlined 
above in the claim 1 rejection under 35 U.S.C. 103(a). In addition, the step of 
decrypting a(new) and b(new) using the receiver secret key x to get the primary 
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transmitter secret key z is comprised of computing z = a(new)/b(new)'^x (see Schneier, 
page 478, 'EIGamal Encryption'). 

7. As per claims 3 and 4, Schneier covers an EIGamal encryption method as 
outlined above in the claim 1 rejection under 35 U.S.C. 103(a). In addition, as 
mentioned above, EIGamal encryption can be used for encrypting messages (see 
Schneier, pages 478, 'EIGamal Encryption'). It would be obvious to one of ordinary skill 
in the art at the time the invention was made to encrypt the messages with an EIGamal 
encryption scheme because it is a secure encryption scheme that is not patented and 
hence requires no license to be used. 

8. As per claim 5, Schneier covers an EIGamal encryption method as outlined 
above in the claim 2 rejection under 35 U.S.C. 103(a). Schneier is silent on the matter 
of defining a function to determine the value of z. However, the members of the set Z = 
{g'^k modulo p | k is a nonnegative number} are obvious candidates since this set would 
enable the value z*y'^c modulo p to be a member of the group G modulo p generated by 
the generator g of order @(p), where g and p are relatively prime, @() is Euler's totient 
function, and g'^@(p) = 1 modulo p. Since: 

zV'^c modulo p = (g'^k modulo p * g'^(x*c) modulo p) modulo p 
= g'^(k+x*c) modulo p. 
a(new) is a one to one function of k given that 0 <= k+x*c <= @(p), where x and c are 
held constant. Hence, using the aforementioned constraints, the sender can be 
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confident that distinct values of k will generate distinct primary transmitter secret keys z. 
Therefore, it would be obvious to one of ordinary skill in the art at the time the invention 
was made to generate the primary transmitter secret key from the formula z = g'^k 
modulo p, where k is a random value chosen from the set [0...q], where q is a value 
picked using a known encryption method. 

9. Claims 6, 7, and 8 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Schneier in view of Deo as applied to claim 1 above, and further in view of 
admitted prior art as disclosed by the applicant in the specification (hereinafter 
admission). As per claims 6 and 7, Schneier covers an EIGamal encryption method as 
outlined above in the claim 1 rejection under 35 U.S.C. 103(a). Schneier is silent on the 
matter of defining 2 private transmitter keys z and t where z' = f(z) for some function f() 
and il is the key which encrypts and decrypts the message M. However, as disclosed 
by admission, it is conventional in the art to use functions, such as truncation, to modify 
a generated key value to be used in an encryption method that requires a different key 
length (see admission, page 12, line 14 - page 13, line 3). Therefore, it would be 
obvious to one of ordinary skill in the art at the time the invention was made to define a 
second private transmitter key z', where t = f(z) for some function f() and t is the key 
used to encrypt and decrypt the message M, when the primary transmitter key z is 
provided and is not of the format used for producing the ciphertext E. The motivation for 
such an implementation would enable the invention disclosed by Schneier to implement 
a function to encrypt message M that is independent (or at least less dependent) of the 
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function that generated the first primary transmitter key z. This independence enables 
the cryptosystem to be designed with functions based more on security benefits than on 
compatibility issues. 

10. As per claim 8, Schneier covers an EIGamal encryption method as outlined 
above in the claim 7 rejection under 35 U.S.C. 103(a). In addition, admission discloses 
providing a plurality of portion keys which are derived from the secondary transmitter 
key z' and the plurality of portion keys encrypts and decrypts a data message m when 
the secondary transmitter key z' is provided which is not of the format used for 
producing the ciphertext E (see admission, page 12, line 14 - page 13, line 3). 

11. As per claims 9 and 10, Schneier covers an EIGamal encryption method as 
outlined above in the claim 1 rejection under 35 U.S.C. 103(a). In addition, in different 
sections, Schneier teaches two standard methods to sign messages that have shown to 
be effective as digital signatures: Schnorr signature method and Digital Signature 
Standard (see Schneier, pages 510-512, 'Schnorr'; pages 483-494, 'Digital Signature 
Algorithm'). It would be obvious to one of ordinary skill in the art at the time the 
invention was made to create the signature using either the Schnorr signature method 
or the DSS method since both are proven standards as taught by Schneier. 

12. As per claims 11-14, Schneier covers an EIGamal encryption method as outlined 
above in the claim 1 rejection under 35 U.S.C. 103(a). In addition, a processor is used 
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to implement the steps defined in the claims 1, 3, 9, and 10 as covered by the invention 
taught by Schneier and modified by Deo, Figure 1 . 

Response to Arguments 

13. Applicant's arguments with respect to claims 1-8 have been considered but are 
moot in view of the new ground(s) of rejection. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W Kim whose telephone number is (703) 305- 
8289. The examiner can normally be reached on M-F 9:00 A.M. to 5:00 P.M.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 



Conclusion 



3900. 




Jung W Kim 
Examiner 
Art Unit 21 32 



jk 

January 8, 2004 




